Presumably, even with a certificate, users would still have to trust that none of the authors had put any malicious code into it? All the certificate does is assert where it came from. You are still required to trust the source.